Product:

Communications_cloud_native_core_unified_data_repository

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 5
Date Id Summary Products Score Patch Annotated
2019-08-20 CVE-2019-10086 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. Commons_beanutils, Nifi, Debian_linux, Fedora, Leap, Agile_plm, Agile_product_lifecycle_management_integration_pack, Application_testing_suite, Banking_platform, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_console, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_evolved_communications_application_server, Communications_metasolv_solution, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_unified_inventory_management, Customer_management_and_segmentation_foundation, Enterprise_manager_for_virtualization, Financial_services_revenue_management_and_billing_analytics, Flexcube_private_banking, Fusion_middleware, Healthcare_foundation, Hospitality_opera_5, Insurance_data_gateway, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Real\-Time_decisions_solutions, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_xstore_point_of_service, Service_bus, Solaris_cluster, Utilities_framework, Weblogic_server, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform 7.3
2021-01-06 CVE-2020-36189 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. Debian_linux, Jackson\-Databind, Service_level_manager, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Commerce_platform, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_services_gatekeeper, Communications_session_route_manager, Communications_unified_inventory_management, Documaker, Jd_edwards_enterpriseone_tools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_xstore_point_of_service 8.1
2020-12-17 CVE-2020-35490 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. Debian_linux, Jackson\-Databind, Service_level_manager, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_router, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_merchandising_system, Retail_xstore_point_of_service 8.1
2020-12-17 CVE-2020-35491 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Debian_linux, Jackson\-Databind, Service_level_manager, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_platform, Banking_treasury_management, Banking_virtual_account_management, Communications_cloud_native_core_unified_data_repository, Communications_diameter_signaling_route, Communications_evolved_communications_application_server, Communications_services_gatekeeper, Communications_unified_inventory_management, Documaker, Insurance_policy_administration_j2ee, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_xstore_point_of_service, Sd\-Wan_edge 8.1
2020-12-03 CVE-2020-25649 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. Iotdb, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Banking_platform, Banking_treasury_management, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_evolved_communications_application_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_services_gatekeeper, Communications_unified_inventory_management, Goldengate_application_adapters, Health_sciences_empirica_signal, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_service_backbone, Retail_xstore_point_of_service, Sd\-Wan_edge, Utilities_framework, Quarkus 7.5